Change description regex after aws lambda eni enhancement rollout #10331

Closed


rekahsoft

  • aws/resource_aws_security_group.go: As part of this AWS
    announcement (https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/),
    ENIs created by Lambda will now have a different description. This is not explicitly
    documented, but was found in region 'eu-west-1', and will affect more regions over the next
    few months as AWS rolls out this change. This description, which used to be a string of the
    form "AWS Lambda VPC ENI: .*", will now look like this: "AWS Lambda VPC
    ENI-xxx-xxxxxxx-xxxxx-xxxxxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx". As such, the regex used
    to determine lingering Lambda ENIs no longer works in all regions, and in the future, when
    this rollout is completed, will not work at all. This will appear to the user as a dependency
    error if they have any security groups attached to a Lambda ENI. For example:
Error: Error deleting security group: DependencyViolation: resource sg-xxxxxxxxxxxxxxxxx has a dependent object
	status code: 400, request id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #10044

Release note for CHANGELOG:

Allow vpc enabled lambda's automatically provisioned enis to be removed without dependency errors

Output from acceptance testing:

➜ make testacc TESTARGS='-run=TestAccAWSLambdaFunction_VPCRemoval'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -count 1 -parallel 20 -run=TestAccAWSLambdaFunction_VPCRemoval -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSLambdaFunction_VPCRemoval
=== PAUSE TestAccAWSLambdaFunction_VPCRemoval
=== CONT  TestAccAWSLambdaFunction_VPCRemoval
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (101.85s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       101.875s
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws/internal/flatmap      0.008s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags 0.006s [no tests to run]
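
The description change discussed in this pull request, shown as an added Go example (not code from the pull request or from the provider). The two patterns are built from the description forms quoted above; the `eni` type, the function names and the sample records are constructed for illustration. It shows that a pattern anchored on the old "ENI: " form misses the new-style ENI, so the security group still has a dependent object, while a prefix match covers both without matching unrelated ENIs.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns built from the two description forms quoted in the PR text.
// They are illustrative, not the provider's actual expressions.
var (
	oldLambdaENI = regexp.MustCompile(`^AWS Lambda VPC ENI: .*`)
	anyLambdaENI = regexp.MustCompile(`^AWS Lambda VPC ENI.*`)
)

// eni is a hypothetical, minimal stand-in for an EC2 network interface record.
type eni struct {
	ID          string
	Description string
	GroupIDs    []string
}

// lingeringLambdaENIs returns the IDs of ENIs whose description matches re
// and that still reference security group sgID.
func lingeringLambdaENIs(enis []eni, sgID string, re *regexp.Regexp) []string {
	var ids []string
	for _, e := range enis {
		if !re.MatchString(e.Description) {
			continue
		}
		for _, g := range e.GroupIDs {
			if g == sgID {
				ids = append(ids, e.ID)
				break
			}
		}
	}
	return ids
}

// sampleENIs is constructed data: one ENI per description form, plus a non-Lambda ENI.
func sampleENIs() []eni {
	return []eni{
		{"eni-0001", "AWS Lambda VPC ENI: example-function-0000", []string{"sg-aaaa"}},
		{"eni-0002", "AWS Lambda VPC ENI-example-00000000-0000-0000-0000-000000000000", []string{"sg-aaaa"}},
		{"eni-0003", "ELB app/example", []string{"sg-aaaa"}},
	}
}

func main() {
	fmt.Println("old pattern:", lingeringLambdaENIs(sampleENIs(), "sg-aaaa", oldLambdaENI))
	fmt.Println("prefix pattern:", lingeringLambdaENIs(sampleENIs(), "sg-aaaa", anyLambdaENI))
}
```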

@rekahsoft rekahsoft requested a review from a team October 1, 2019 18:51
@ghost ghost added size/XS Managed by automation to categorize the size of a PR. service/ec2 Issues and PRs that pertain to the ec2 service. labels Oct 1, 2019
@bflad
Contributor

bflad commented Oct 1, 2019

Hi @rekahsoft 👋 Thank you for submitting this. This change will already be included in version 2.31.0 of the Terraform AWS Provider as part of some changes on top of #10114, which are due to land shortly. The changes will be released on Thursday. 👍

@bflad bflad closed this Oct 1, 2019
@ghost

ghost commented Nov 1, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 1, 2019
Successfully merging this pull request may close these issues.

AWS changes in eu-west-1 region impacting aws_lambda_function proper deletion